Re: $HOME/bin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2007-06-04 at 21:01 +0930, Tim wrote:
> Tim:
> >> The other catch is that being able to execute stuff in your home folder
> >> is a bit of a security risk.
> 
> Andreas Bernauer:
> > On what theory do you base this (IMHO weird) statement?  
> 
> Don't you read any of the security notices?  Mounting /home as noexec is
> a very old, and wise, technique for making a system more secure.

It's the same kind of wisdom advising you to wear a knight's armor or a
bullet-proof vest in everyday life. It might be suitable in certain
environments, but in general, though it might make your life a glimpse
more secure, but your comfort is likely to suffer severely.

>   The
> same goes for mounting /tmp and /var noexec.  Why do you think there's
> an option to mount a partition with the noexec parameter?
It's useful for data partitions, but even then mounting read only is
more useful.

> If a user can create and run a program, they can do much more to a
> system than one who can't.
Yes, a person who is able to leave his house is able to do much more
than one which can't - But most people want to leave their house, and
prefer not to live in a cage.

Ralf



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux